1
00:00:01,450 --> 00:00:07,010
Ethernet networks don't have any authentication by default to access the network.

2
00:00:07,010 --> 00:00:13,730
All you need to do is plug your Ethernet cable into a switch and you will gain access to the network

3
00:00:13,730 --> 00:00:21,570
with no authentication, no authorization and no accounting. Triple-A, or authentication, authorization,

4
00:00:21,570 --> 00:00:28,280
accounting, is a way to centralize policies that are applied to network devices.

5
00:00:29,070 --> 00:00:36,540
As an example, you could centralize the authentication of users by using a triple-A server such as

6
00:00:36,540 --> 00:00:37,790
Cisco Secure ACS.

7
00:00:37,890 --> 00:00:45,600
The authentication means that you are authenticating a username and password before a user can

8
00:00:45,600 --> 00:00:49,610
access the network or a device on the network.

9
00:00:49,800 --> 00:00:56,200
Authorization determines what you're allowed to do once you have been authenticated.

10
00:00:56,490 --> 00:01:01,760
So are you, as an example, allowed to go to privileged mode or enable mode on a router?

11
00:01:02,040 --> 00:01:05,550
Are you allowed to access a server on the network?

12
00:01:05,550 --> 00:01:09,130
Accounting is a log of what's happened on the network.

13
00:01:09,240 --> 00:01:18,050
So as an example, you could log users' attempts to access a network device via Telnet or SSH. In a moment

14
00:01:18,090 --> 00:01:19,040
I'll demonstrate

15
00:01:19,040 --> 00:01:26,600
triple-A using a GNS3 network where I have a Cisco ACS server connected.

16
00:01:26,790 --> 00:01:33,630
The server is running within VMware but is connected via a GNS3 switch to multiple network

17
00:01:33,630 --> 00:01:34,930
devices.

18
00:01:35,100 --> 00:01:40,950
I'll configure the network to use local authentication and then we'll centralize the authentication

19
00:01:41,460 --> 00:01:48,870
so that logins are authorized from a central ACS server rather than having a local username and password

20
00:01:48,870 --> 00:01:51,840
database on each network device.

21
00:01:52,170 --> 00:01:54,680
Now, to stop anyone just accessing your network,

22
00:01:54,690 --> 00:02:02,820
you can implement identity-based authentication or identity-based networks by using a protocol called

23
00:02:02,850 --> 00:02:04,780
802.1X.

24
00:02:04,800 --> 00:02:12,360
The 802.1X standard allows you to implement identity-based networking where a client machine

25
00:02:12,360 --> 00:02:17,890
has to present a username and password before it can gain access to the network.

26
00:02:18,060 --> 00:02:23,070
In 802.1X you have three components or three roles.

27
00:02:23,070 --> 00:02:31,590
The client, also known as the supplicant, is a PC such as a Windows PC running 802.1X-compliant

28
00:02:31,590 --> 00:02:39,180
client software, and the authenticator doesn't just authenticate the client but sends authentication information

29
00:02:39,180 --> 00:02:45,660
through to an authentication server. The authenticator would be something like an Ethernet switch which

30
00:02:45,660 --> 00:02:52,560
is controlling access to the network. The client PC is connected to a port on the switch acting as the

31
00:02:52,560 --> 00:02:59,490
authenticator, and no frames from the client are permitted except 802.1X frames before

32
00:02:59,520 --> 00:03:01,170
authentication takes place.

33
00:03:01,230 --> 00:03:07,550
So when the client sends traffic to the switch acting as the authenticator, it will send an

34
00:03:07,550 --> 00:03:14,400
802.1X challenge to the client asking for authentication information. A username and password is sent

35
00:03:14,610 --> 00:03:22,350
to the switch, but the switch doesn't read that information; it passes it on to the authentication server,

36
00:03:22,830 --> 00:03:30,480
which could be a RADIUS or TACACS server. RADIUS and TACACS are the protocols used between the authenticator

37
00:03:30,870 --> 00:03:32,740
and the authentication server.

38
00:03:32,940 --> 00:03:37,370
The authentication server validates the credentials of the client.

39
00:03:37,380 --> 00:03:42,780
In other words, it makes sure that the client's username and password are correct and that the client is

40
00:03:42,780 --> 00:03:45,120
allowed to access the network.

41
00:03:45,120 --> 00:03:50,490
If the username and password are correct, the authentication server sends a message to the authenticator

42
00:03:50,710 --> 00:03:55,080
or switch which then permits the client access to the network.

43
00:03:55,080 --> 00:04:00,930
The authenticator sends a successful authentication message to the client, and now when the client forwards

44
00:04:00,930 --> 00:04:07,370
traffic such as HTTP or Telnet traffic, that is permitted onto the network.

45
00:04:07,380 --> 00:04:14,730
The important thing with 802.1X is that the client cannot access the network until authentication

46
00:04:14,730 --> 00:04:21,530
has succeeded based on the information stored in the authentication server, and the authentication server

47
00:04:21,570 --> 00:04:24,090
could use a local database.

48
00:04:24,360 --> 00:04:30,350
Or it could use a centralized directory such as Active Directory for the storing of usernames and passwords.
